<?php
if (!defined('IN_MEDIA')) die("Hacking attempt");
if ($_POST['login']) {
	$warn = '';
	$name = m_htmlchars(stripslashes(trim(urldecode($_POST['name']))));
	$pwd = stripslashes(urldecode($_POST['pwd']));
	$q = $mysql->query("SELECT user_id FROM ".$tb_prefix."user WHERE user_name = '".$name."' AND user_password = '".md5($pwd)."'");
	if (!$mysql->num_rows($q)) {
		if (m_check_random_str($pwd,15))
			$q = $mysql->query("SELECT user_id FROM ".$tb_prefix."user WHERE user_name = '".$name."' AND (user_new_password = '".$pwd."' AND user_new_password != '')");
		if (!$mysql->num_rows($q))	
			$warn .= "Username hoặc mật khẩu không chính xác";
	}
	if ($warn) echo "".$warn;
	else {
		$r = $mysql->fetch_array($q);
		$salt = m_random_str(10);
		$identifier = $salt.md5($salt.IP.$r['user_id'].$salt).m_random_str(10);
		$timeout = NOW + 2*60*60;
		$_SESSION['user_id'] = $r['user_id'];
		$_SESSION['identifier'] = $identifier;
		m_setcookie('USER', $identifier);
		setcookie("cech_cache", "1", strtotime('+12 Hours'));
		$mysql->query("UPDATE ".$tb_prefix."user SET user_online = 1, user_ip = '".IP."', user_identifier = '".$identifier."', user_timeout = '".$timeout."' WHERE user_id = '".$r['user_id']."'");
	}
	exit();
}
?>
